We begin our discussion of pervasive controls by introducing four broad IT control process domains and explaining how IT control processes are directed at the control of IT resources and the attainment of the information qualities. Table 8.2 defines IT resources that must be managed by the control processes. According to COBIT, these IT resources must be managed to ensure that the organization has the information that it needs to achieve its objectives. COBIT also describes the qualities that this information must exhibit in order for it to be of value to the organization. These qualities are defined in Table 1.1.
Name and describe the five IT resources.
We must determine how we can protect an organization’s computer from misuse, intentional or inadvertent, from within and from outside the organization. Pervasive controls are directed at answering the following questions. How can we protect the computer room, the headquarters building, and the rooms and buildings in which other connected facilities are located? In the event of a disaster, will we be able to continue our operations? What policies and procedures can be established (and documented) to provide for efficient, effective, and authorized use of the computer? What measures can we take to help ensure that the personnel who operate and use the computer are competent and honest?
An organization’s Information Systems function (ISF) is the department that develops and operates an organization’s Information System. The function (department) is composed of people, procedures, and equipment. This function is the object of many of the IT controls, and its management is, at the same time, responsible for the implementation and operation of these processes.